From: James Gritton
To: freebsd-jail@freebsd.org
Date: Wed, 21 Mar 2018 22:13:52 -0600
Subject: Time for those old global jail sysctls to go
Message-ID: <129ec9ac36d1e1d690924dba62d6c095@freebsd.org>
List-Id: "Discussion about FreeBSD jail(8)"

I've got a revision in the works to remove the security.jail.foo_allowed
sysctls:

> The old jail system had sysctls to set jail permissions for all jails
> (e.g. security.jail.mount_allowed), which were superseded by per-jail
> permissions (e.g. allow.mount). These old sysctls remain a constant
> source of confusion to users, who expect that setting the sysctl will
> change the behavior of existing jails. That the sysctl value at the time
> a jail is created may matter is a backward-compatibility hack that does
> little or nothing to relieve the confusion. So it's time for them to
> go.
> Also, jail(2) has been replaced by jail_set(2) for a number of years
> now, and it really ought to retire - at least into the COMPAT world.

This may be of interest to anyone who works with jails. My hope is that
no current software relies on these old sysctls, and they can be removed
with little trouble. But removing old things never seems to go that easy.

- Jamie
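
An added example, not part of the original message or of the FreeBSD source: a small audit that lists the global security.jail.*_allowed settings found in a sysctl.conf-style file, alongside the per-jail parameter that replaces each one. The function name and the sample input are hypothetical. Only the mount_allowed/allow.mount pair comes from the message; the other three pairs are taken from jail(8).

```sh
#!/bin/sh
# Added example: find global jail permission sysctls
# (security.jail.*_allowed) in sysctl.conf-style input read from stdin.
# Output: one line per hit, "<sysctl>=<value> -> per-jail <parameter>".
# Per the message above, these globals do not change existing jails, so
# each hit is a setting that should move to the jail's own configuration.

legacy_jail_sysctls() {
    # Drop '#' comments and all whitespace, then split on '='.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' |
    while IFS='=' read -r name value; do
        case "$name" in
            security.jail.*_allowed) ;;   # pattern named in the message
            *) continue ;;                # unrelated or empty line
        esac
        case "$name" in
            security.jail.mount_allowed)        param="allow.mount" ;;
            security.jail.set_hostname_allowed) param="allow.set_hostname" ;;
            security.jail.sysvipc_allowed)      param="allow.sysvipc" ;;
            security.jail.chflags_allowed)      param="allow.chflags" ;;
            # Anything else: do not guess a name, point at the manual.
            *)                                  param="(see jail(8))" ;;
        esac
        printf '%s=%s -> per-jail %s\n' "$name" "$value" "$param"
    done
}

# Constructed sample input (not taken from any real host).
sample='# constructed sysctl.conf
security.jail.mount_allowed=1
kern.ipc.somaxconn=1024
security.jail.sysvipc_allowed = 1   # spaces and a trailing comment
#security.jail.chflags_allowed=1
'
printf '%s' "$sample" | legacy_jail_sysctls
```

On a real host the function would be fed the file directly, for example `legacy_jail_sysctls < /etc/sysctl.conf`.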